Tasleem is committed to protecting your privacy and developing technology that gives you a safe online experience. This Policy in Privacy applies to the Tasleem Website and governs data collection and usage. This Policy explains the type of Personal Information collected about our Customers, the methods used to collect our personal information and how it is processed. It also describes the methods of data keeping retention. Please read this Privacy Policy carefully before providing us with your personal information.

By using the Tasleem Website, providing your personal information, or making an application to avail yourself of any of our services, you consent to the collection, use, disclosure, retention, handling and processing of your personal information for the purposes of processing your applications and providing you with our services.

The data practices described in this Policy.

1              Collection of your Personal Information

• Tasleem shall in connection with service provision and identifying our customers collect personally identifiable information, such as Customers’ e-mail address, name, home or work address and/or telephone number. Tasleem also collects anonymous demographic information, which is not unique to Customers, such as zip code, age, gender, preferences, interests, and favourites.
• Information about Customers’ computer and mobile device hardware and software is automatically collected by Tasleem. This information can include IP address, browser type, domain names, access times, and referring Website addresses. This information is used by Tasleem for the operation of the service, to maintain the quality of the service, and to provide general statistics regarding the use of the Tasleem Website.
• Please keep in mind that if Customers directly disclose personally identifiable information or personally sensitive data through any public message boards, this information may be collected and used by others. Tasleem shall not be held accountable for any use of such personal information by any third party.
• Tasleem encourages Customers to review the privacy policies of any Websites chosen to link to from the Tasleem Website so that Customers can understand how those Websites collect, use, and share information. Tasleem is not responsible for the privacy policies or other content on Websites other than the Tasleem Website.

2              Use of your Personal Information

• Tasleem collects and uses Customers’ personal information to operate the Tasleem Website and deliver the services requested in a secure manner and for the purposes of identifying our customers. Tasleem also uses personally identifiable information to inform Customers of other products or services available from Tasleem and its affiliates. Tasleem may also contact Customers via surveys to conduct research about opinions of current services or of potential new services that may be offered.
• Tasleem does not sell, rent, or lease its customer lists to third parties. Tasleem may, from time to time, contact Customers on behalf of external business partners about a particular offering that may be of interest. In those cases, unique personally identifiable information (e-mail, name, address, telephone number) is not transferred to the third party. Also, Tasleem may share data with trusted partners to help perform statistical analysis, send email or postal mail, provide customer support, or arrange for deliveries. All such third parties are prohibited from using personal information except to provide these services to Tasleem, and they are required to maintain the confidentiality of information.
• If data is transmitted to a recipient outside Tabreed, this recipient must agree to maintain a data protection level equivalent to this Policy. This does not apply if the transmission is based on a legal obligation.
• The processing of data is also permitted if local legislation requests, requires, or authorizes this. The type and extent of data processing must be necessary for the legally authorized data processing activity and must comply with the relevant statutory provisions. If there is some legal flexibility, the interests of the individual that merit protection must be taken into consideration.
• Tasleem does not use or disclose sensitive personal information, such as race, religion, or political affiliations, without explicit consent.
• Data can be processed with the consent of the person concerned. Declarations of consent must be submitted by the data subjects. Consent may be given over the subject consent forms or as part of contracts where applicable or verbally (in cases where calls are recorded).
• Tasleem keeps track of the Tasleem Website and pages Customers visit on the Tasleem Website to determine which Tasleem services are the most popular. This data is used to deliver customized content and advertising within Tasleem to customers whose behavior indicates that they are interested in a particular subject area.
• Tasleem will disclose personal information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on Tasleem or the site; (b) protect and defend the rights or property of Tasleem; and, (c) act under exigent circumstances to protect the personal safety of users of Tasleem or the public.
• Personal Information is subject to data secrecy. Data must be treated as confidential on a personal level and secured with suitable organizational and technical measures to prevent unauthorized access, illegal processing, or distribution, as well as accidental loss, modification, or destruction.
• Personal Information on file must be correct, complete, and – if necessary – kept up to date. Suitable steps must be taken to ensure that inaccurate or incomplete data is deleted, corrected, supplemented, or updated and no modifications are made over the information once provided by the data subject.

3             Use of Cookies

• The Tasleem Website uses “Cookies” to help personalize the online experience. A cookie is a text file that is placed on a hard disk by a Web page server. Cookies cannot be used to run programs or deliver viruses to a computer. Cookies are uniquely assigned and can only be read by a web server in the domain that issued the cookie.
• One of the primary purposes of Cookies is to provide a convenience feature to save time. The purpose of a cookie is to tell the Web server that a customer has returned to a specific page. For example, if Customers personalize Tasleem pages or register with the Tasleem Website or services, a cookie helps Tasleem recall specific information on subsequent visits. This simplifies the process of recording personal information, such as billing addresses, shipping addresses, and so on. When returning to the same Tasleem Website, the information previously provided can be retrieved, so Customers can easily use the Tasleem features that were customized.
• Customers have the ability to accept or decline Cookies. Most Web browsers automatically accept Cookies, but browser settings can usually be modified to decline Cookies if preferred. If Cookies are declined, Customers may not be able to fully experience the interactive features of the Tasleem services or Web pages visited.

4             Customers’ Rights

• As individuals who are subjects of Personal Information held by TABREED, Customers are entitled to the following:
  • To request information on which Personal Information relating to a data Subject has been stored, how the data was collected, and for what intended purpose. If Personal Information is transmitted to third parties, individuals shall be informed of such a possibility.
  • If Personal Information is incorrect or incomplete, Customers can demand that it be corrected or supplemented.
  • To request data to be deleted if the processing of such data has no regulatory requirement/legal basis, or if the regulatory requirement/legal basis has ceased to apply. The same applies if the purpose behind the data processing has lapsed or ceased to be applicable for other reasons. Existing retention periods and protection must be observed.
  • To object to data being processed, and this must be considered if the protection of Customers’ interests takes precedence over the interest of the data controller owing to a particular personal situation.

5             Breach Notification

• Tasleem has established a robust data breach procedure to address incidents involving Personal Information. This ensures that any accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to Personal Information is dealt with swiftly and effectively.
• If Customers suspect a data breach, they should inform their designated contact at Tabreed immediately. This includes situations such as:
  • Improper transmission of Personal Information across borders.
  • Loss or theft of data or equipment containing Personal Information.
  • Accidental sharing of data with unauthorized individuals.
  • Inadequate access controls allowing unauthorized use of data.
  • Equipment failures leading to loss of data.
  • Hacking attacks that potentially or actually result in loss of data.
• Notify Tasleem immediately of any suspected data breach so the following actions can be taken:
  • Immediate remedial actions to mitigate the breach.
  • Compliance with reporting obligations to regulatory authorities.
  • Informing Customers and any other affected individuals promptly.
  • Effective communication with all stakeholders.
• When a potential breach is reported, an investigation will be conducted to determine the extent and impact of the breach. The steps include:
  • Validating the breach to confirm its occurrence.
  • Initiating and conducting a fair and thorough investigation, including digital forensics if necessary.
  • Identifying the necessary remediation steps and ensuring they are tracked and resolved.
  • Reporting the findings to senior management.
  • Coordinating with appropriate authorities as required.
  • Managing communications with internal and external stakeholders.
  • Notifying Customers and other impacted individuals if necessary.

6             Security of Personal Information

• Tasleem secures Personal Information on computer servers in a controlled and secured environment, protected from unauthorized access, use, or disclosure. When Personal Information (such as a credit card number) is transmitted to other Websites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.
• All personal and classified data must be kept securely and stored only as long as necessary. Measures are implemented to protect data against unauthorized access, accidental loss, damage, and destruction. This includes the use of password protection, multifactor authentication, encrypted databases for digital storage, and locked cabinets for paper records.
• Tabreed implements privacy-by-design measures when processing Personal Information. Appropriate technical and organizational measures, such as pseudonymization and encryption, are used to ensure compliance with data protection principles and safeguard information effectively.
• By default, only the personal and classified data necessary for each specific purpose is processed. This includes controlling the volume of data, the extent of processing, the period of storage, and the accessibility of Personal Information. Data is not available to an indefinite number of persons.
• For high-risk processing activities, Tabreed conducts Data Protection Impact Assessments (DPIAs) before undertaking such processing. The findings are discussed with the information security team to ensure all potential risks are addressed.

7              Retention of your Personal Information

• Tasleem will retain personally identifiable information for as long as is necessary to fulfill the purposes for which the information was collected. In all cases, personally identifiable information may be retained for the statutory period during which business records are required to be maintained in accordance with the applicable laws of the United Arab Emirates, or for any longer period in case of disputes.
• These records shall include, at a minimum, the name and contact details of any appointed data controller, clear descriptions of the Personal Information types, data subject types, Processing activities, Processing purposes, third-party recipients of the Personal Information, Personal Information storage locations, Personal Information transfers, the Personal Information’s retention period, and a description of the security measures in place.

Roles and Responsibilities

Reporting Information Security Incidents

In the event of an information security incident, including a data breach, customers can contact Tabreed using the following details:

• End-user Customers can lodge Information security complaints by calling 800 TASLEEM (8275336), emailing customerservice@tasleem.ae, or visiting the Tasleem website: tasleem.ae.